Cyber & Old School Solutions

02 Sep 2016

InsuranceLegalCorporate

The 1960’s is still viewed as one of the 20th Century’s musical high water marks. It gave us The Beatles, The Rolling Stones, Pink Floyd, The Doors and Bob Dylan to name but a few. It is also the decade where the word “cyber” was first used on a regular basis.

Since then, cyber has become a ubiquitous part of the English language. We now have such concepts as cyberspace, cyberpunks, cybercrime, cyberterrorism and cyberbullying. But what does cyber actually mean?

The Oxford Dictionaries defines cyber as “relating to or characteristic of the culture of computers, information technology and virtual reality”[1]. An alternative definition is from the Cambridge Dictionary, which defines cyber as “involving, using or relating to computers, especially the internet”[2].

The surprising thing with these definitions is the differences between them – one refers to the culture of computers while the other refers to the use of computers. One refers to the internet while the other is completely silent about it. If the very clever people at Oxford and Cambridge Universities cannot therefore agree on a definition, what chance is there for the rest of us?!

Ever one to keep things simple, my view is that cyber can be considered as “relating to computers and the internet”. Given this Hobby Dictionary definition, I find it surprising that corporates mainly focus on data breaches when they consider their cyber risks.

This is not to downplay the size of the data breach risk. The reputational consequences of a breach can be significant for a business, as can the costs, and there are many companies that can testify to this. However, the consequences of a system failure can be equally devastating, as customers of Delta Airlines can bear witness to after a recent power outage grounded all flights worldwide.

I recently attended a meeting at a brewery to discuss the issue of system failures. The discussions established that the brewery bought in raw materials on a “just in time” basis and that all receipts were processed electronically. During the course of the conversation, I suggested that, in the event of a failure in the stock system, they could use old fashioned paper records to record any deliveries that were received while the system was out of action. This would then keep production going in the interim.

This seemed reasonable to me, as I have been working long enough now to recall these “old school” solutions actually being used. I was therefore more than a little surprised when the company advised that paper was not an option. It transpired that their production systems were such that the raw materials used in brewing all beer needed to be traceable, which could not be achieved if a temporary paper solution was used.

I am all for traceability in the products we eat and the beer that we drink. However, this setup could lead to a situation where the raw materials are on a truck at the brewery gate, warehouse staff know that there is space at the site to physically receive and store the goods and production staff know that the materials are needed. However, without a functioning IT system, the raw material will not get past the gate.

The absurdity of this scenario was not lost on the company, nor was the potential magnitude of the associated loss of profit resulting from not being able to brew beer.

The increasing use of computer systems in modern business is a trend that is unlikely now to ever be reversed. The computer power that companies can now access and the way in which processes can be automated has revolutionised the business world.

However, I do wonder whether modern business has also thought about the full consequences of these systems failing and, more to the point, what workaround solutions can be used when this happens. Failure to fully consider these issues could result in a significant business interruption loss occurring.

In the case of my brewery example, the business interruption loss may be avoided by ensuring that paper records could be used in the event of a system failure. Which just goes to show that, even in the modern world of cyber, there is always a place for an old school solution.

Disclaimer

The views or thoughts contained in this blog and in individual posts are those of the individual author and are intended as an example for discussion only and not advice or a prediction of outcome. Each situation an entity or individual may encounter is different and will have diverse facts that affect any analysis and may change the conclusions or opinions expressed here.

Author

0
Comments

There has recently been a great deal of media coverage on the subject of Pension Fund deficits whether relating to individual companies such as BHS or Tata Steel or the industry as a whole. As a trainee Chartered Accountant, I spent a lot of my time auditing a number of...